From e6bac48898d2fb6ad7462ff0c8f477f75bb6bd59 Mon Sep 17 00:00:00 2001 From: Joyce Fee Date: Wed, 20 Aug 2025 11:27:04 -0400 Subject: [PATCH 1/7] DOC-1629: Fix single sourcing and cross repo tags --- .../pages/schema-reg/schema-reg-authorization.adoc | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc index 3e842f2ec..23b7048d4 100644 --- a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc +++ b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc @@ -257,7 +257,17 @@ User `jane` now has global `read` and `write` access to the Schema Registry and === Create a role with Schema Registry ACLs +ifdef::env-cloud[] +You can combine Schema Registry ACLs with xref:security/authorization/rbac/rbac_dp.adoc[role-based access control (RBAC)] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. +endif::[] + +ifdef::env-cloud[] +You can combine Schema Registry ACLs with xref:ROOT:security:authorization/rbac/rbac-dp.adoc[tag=single-source] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. +endif::[] + +ifndef::env-cloud[] You can combine Schema Registry ACLs with xref:manage:security/authorization/rbac.adoc[role-based access control (RBAC)] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. +endif::[] This example creates a role called `SoftwareEng` and assigns it ACLs for both topic and Schema Registry access: @@ -344,6 +354,7 @@ User:alice * TOPIC bar LITERAL READ The `Not found` error occurs in the request: `12:17:33.935 DEBUG sending request {"method": "POST", "URL: "http://127.0.0.1:8081/security/acls", "has_bearer": false, "has_basic_auth": false}`, meaning that the endpoint is not available (because you are using an older Redpanda version). You must upgrade to the current version of Redpanda. +ifndef::env-cloud[] This next error occurs when the user tries to create two ACLs, one for a topic and one for a registry-subject: [bash] @@ -364,6 +375,7 @@ User:mary * TOPIC private LITERAL READ ---- The `Invalid license: not present` error indicates that the user is trying to create an ACL for a resource that requires a license, but no license is present. See xref:get-started:licensing/overview.adoc[Licensing overview] for details on how to obtain a license. +endif::[] == Suggested reading From 52ae5880b874adb34e53990cd142596a08f25a56 Mon Sep 17 00:00:00 2001 From: Joyce Fee Date: Wed, 20 Aug 2025 12:05:31 -0400 Subject: [PATCH 2/7] removed unsupported tag --- modules/manage/pages/schema-reg/schema-reg-authorization.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc index 23b7048d4..92908e151 100644 --- a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc +++ b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc @@ -262,7 +262,7 @@ You can combine Schema Registry ACLs with xref:security/authorization/rbac/rbac_ endif::[] ifdef::env-cloud[] -You can combine Schema Registry ACLs with xref:ROOT:security:authorization/rbac/rbac-dp.adoc[tag=single-source] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. +You can combine Schema Registry ACLs with xref:ROOT:security:authorization/rbac/rbac-dp.adoc[role-based access control (RBAC)] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. endif::[] ifndef::env-cloud[] From b6d35a9ec3e5764438a75615c3ad317ccb9619b1 Mon Sep 17 00:00:00 2001 From: micheleRP Date: Wed, 20 Aug 2025 10:14:47 -0600 Subject: [PATCH 3/7] fix typo in xref --- .../manage/pages/schema-reg/schema-reg-authorization.adoc | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc index 92908e151..be08b7075 100644 --- a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc +++ b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc @@ -258,11 +258,7 @@ User `jane` now has global `read` and `write` access to the Schema Registry and === Create a role with Schema Registry ACLs ifdef::env-cloud[] -You can combine Schema Registry ACLs with xref:security/authorization/rbac/rbac_dp.adoc[role-based access control (RBAC)] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. -endif::[] - -ifdef::env-cloud[] -You can combine Schema Registry ACLs with xref:ROOT:security:authorization/rbac/rbac-dp.adoc[role-based access control (RBAC)] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. +You can combine Schema Registry ACLs with xref:security:authorization/rbac/rbac_dp.adoc[role-based access control (RBAC)] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. endif::[] ifndef::env-cloud[] From 807099346053def22ccf7f752df1af63e3ffef9a Mon Sep 17 00:00:00 2001 From: Joyce Fee Date: Wed, 20 Aug 2025 11:27:04 -0400 Subject: [PATCH 4/7] DOC-1629: Fix single sourcing and cross repo tags --- .../pages/schema-reg/schema-reg-authorization.adoc | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc index 90fc5390c..fa14c8c86 100644 --- a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc +++ b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc @@ -257,7 +257,17 @@ User `jane` now has global `read` and `write` access to the Schema Registry and === Create a role with Schema Registry ACLs +ifdef::env-cloud[] +You can combine Schema Registry ACLs with xref:security/authorization/rbac/rbac_dp.adoc[role-based access control (RBAC)] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. +endif::[] + +ifdef::env-cloud[] +You can combine Schema Registry ACLs with xref:ROOT:security:authorization/rbac/rbac-dp.adoc[tag=single-source] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. +endif::[] + +ifndef::env-cloud[] You can combine Schema Registry ACLs with xref:manage:security/authorization/rbac.adoc[role-based access control (RBAC)] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. +endif::[] This example creates a role called `SoftwareEng` and assigns it ACLs for both topic and Schema Registry access: @@ -344,6 +354,7 @@ User:alice * TOPIC bar LITERAL READ The `Not found` error occurs in the request: `12:17:33.935 DEBUG sending request {"method": "POST", "URL: "http://127.0.0.1:8081/security/acls", "has_bearer": false, "has_basic_auth": false}`, meaning that the endpoint is not available (because you are using an older Redpanda version). You must upgrade to the current version of Redpanda. +ifndef::env-cloud[] This next error occurs when the user tries to create two ACLs, one for a topic and one for a registry-subject: [bash] @@ -364,6 +375,7 @@ User:mary * TOPIC private LITERAL READ ---- The `Invalid license: not present` error indicates that the user is trying to create an ACL for a resource that requires a license, but no license is present. See xref:get-started:licensing/overview.adoc[Licensing overview] for details on how to obtain a license. +endif::[] == Suggested reading From d4b23b531c362c5ff338625add71d34e0cdcc28b Mon Sep 17 00:00:00 2001 From: Joyce Fee Date: Wed, 20 Aug 2025 12:05:31 -0400 Subject: [PATCH 5/7] removed unsupported tag --- modules/manage/pages/schema-reg/schema-reg-authorization.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc index fa14c8c86..8cd802c82 100644 --- a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc +++ b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc @@ -262,7 +262,7 @@ You can combine Schema Registry ACLs with xref:security/authorization/rbac/rbac_ endif::[] ifdef::env-cloud[] -You can combine Schema Registry ACLs with xref:ROOT:security:authorization/rbac/rbac-dp.adoc[tag=single-source] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. +You can combine Schema Registry ACLs with xref:ROOT:security:authorization/rbac/rbac-dp.adoc[role-based access control (RBAC)] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. endif::[] ifndef::env-cloud[] From cfb5b2a4c18b5c60e1cfe33c30ed4efc13718bd4 Mon Sep 17 00:00:00 2001 From: micheleRP Date: Wed, 20 Aug 2025 10:14:47 -0600 Subject: [PATCH 6/7] fix typo in xref --- .../manage/pages/schema-reg/schema-reg-authorization.adoc | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc index 8cd802c82..5c6b7ab55 100644 --- a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc +++ b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc @@ -258,11 +258,7 @@ User `jane` now has global `read` and `write` access to the Schema Registry and === Create a role with Schema Registry ACLs ifdef::env-cloud[] -You can combine Schema Registry ACLs with xref:security/authorization/rbac/rbac_dp.adoc[role-based access control (RBAC)] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. -endif::[] - -ifdef::env-cloud[] -You can combine Schema Registry ACLs with xref:ROOT:security:authorization/rbac/rbac-dp.adoc[role-based access control (RBAC)] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. +You can combine Schema Registry ACLs with xref:security:authorization/rbac/rbac_dp.adoc[role-based access control (RBAC)] to create reusable roles. This approach simplifies permission management when you need to assign the same set of permissions to multiple users. endif::[] ifndef::env-cloud[] From acd9076e15cf0b978542da9f0e4d861a98dc3454 Mon Sep 17 00:00:00 2001 From: micheleRP Date: Wed, 20 Aug 2025 10:36:47 -0600 Subject: [PATCH 7/7] conditionalize out note for schema_id_validation --- modules/manage/pages/schema-reg/schema-reg-authorization.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc index be08b7075..c71cbc498 100644 --- a/modules/manage/pages/schema-reg/schema-reg-authorization.adoc +++ b/modules/manage/pages/schema-reg/schema-reg-authorization.adoc @@ -267,10 +267,12 @@ endif::[] This example creates a role called `SoftwareEng` and assigns it ACLs for both topic and Schema Registry access: +ifndef::env-cloud[] [NOTE] ==== Redpanda recommends using the topic naming strategy for Schema Registry subjects, where subjects follow the pattern `-key` or `-value`. For details, see xref:manage:schema-reg/schema-id-validation.adoc#set-subject-name-strategy-per-topic[Set subject name strategy per topic]. ==== +endif::[] [,bash] ----